
Very slow internet and error message at Windows XP startup


  • Very slow internet and error message at Windows XP startup

    Yesterday I used Ad-Aware and Spybot following your advice (Ad-Aware made Windows crash), removed up to 60 infections with Spybot, and have now made this log. I had no problems at all over the past year until last week, when Norton reported a TROJAN.VUNDO. I removed the virus; since then I can still browse, but it takes on average 20 seconds for a page to open.

    I use Mozilla Firefox as my browser because I had problems with Explorer before.

    The 2 error messages at startup seem to me to be a consequence of the Spybot removal.

    Thanks in advance for the help.

    Logfile of HijackThis v1.99.1
    Scan saved at 10:12:55, on 6/04/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Acer\eManager\anbmServ.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\acer\epm\epm-dm.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
    R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: Adobe PDF Reader Help bij koppelingen - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {11241072-58BB-40CE-9171-0B2BDFB22E97} - C:\WINDOWS\system32\vtuvvst.dll
    O2 - BHO: (no name) - {332FDE3C-35FC-473E-A133-DC5A55AA94DA} - C:\WINDOWS\system32\jkkji.dll (file missing)
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll
    O2 - BHO: (no name) - {3EE4EC3B-0382-4279-B3F2-60C578B7BE05} - (no file)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~2\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7DF5D468-BF4F-46CB-9D23-FB74EF4C3217} - C:\WINDOWS\system32\ssqpp.dll (file missing)
    O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
    O2 - BHO: (no name) - {D3DA0AF6-26F3-4BEA-A57A-3505F0736110} - C:\WINDOWS\system32\awtqo.dll (file missing)
    O2 - BHO: (no name) - {DC5A51A1-3E46-4E19-AF93-02C71C163580} - C:\WINDOWS\system32\jkhhe.dll (file missing)
    O3 - Toolbar: Norton-werkbalk weergeven - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [ScanSoft OmniPage SE 4.0-reminder] "C:\Program Files\ScanSoft\OmniPageSE4.0\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users.WINDOWS\Application Data\ScanSoft\OmniPageSE4.0\Ereg\ereg.ini"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
    O4 - HKLM\..\Run: [320d18a1] rundll32.exe "C:\WINDOWS\system32\oovvurlt.dll",b
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [ExtraFilmHemmaAgent] "C:\Program Files\ExtraFilm PhotoAssistant\Agent.exe"
    O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
    O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [BM313e2b3d] Rundll32.exe "C:\WINDOWS\system32\hennmsbt.dll",s
    O4 - HKLM\..\RunOnce: [SymLnch] "C:\Documents and Settings\Administrator\Application Data\Symantec\Layouts\Norton Internet Security\15.0\SymAllLanguages\NIS_RETAIL\20070829\Support\SymLnch\SymLnch.exe" "C:\Documents and Settings\Administrator\Application Data\Symantec\Layouts\Norton Internet Security\15.0\SymAllLanguages\NIS_RETAIL\20070829\Setup.exe" "/REALUPREBOOT /temp /patched"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
    O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
    O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
    O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
    O16 - DPF: {C9F75F04-F875-4AFD-8938-DBC968DDD77D} (Simmetry 3d Control) - http://www.simmetry3d.com/SimmetryActiveX.cab
    O20 - Winlogon Notify: vtuvvst - C:\WINDOWS\SYSTEM32\vtuvvst.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
    O23 - Service: LiveUpdate Notice - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~2\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

  • #2
    Download VirtumundoBeGone (mirror)
    Save it to your desktop.

    Double-click VirtumundoBeGone.exe and follow the instructions.
    Don't be alarmed if you see a blue screen with an error message - this is normal.
    When the fix is finished, restart the PC.
    Post the contents of the log file VBG.TXT, which is now on your desktop, here in your next message.

    Download: RVAXO.exe
    • Save the file to your desktop, double-click it and choose "Unzip" to extract it.
    • Start the computer in safe mode.
    • Now open the RVAXO folder on your desktop and double-click RunMe.cmd
      A cmd window will open in which a few lines about files not found will scroll by quickly; this is normal.
    • An uninstaller for a rogue scanner may also start; do not close it, but follow any instructions and simply let it do its work.
    • After that your PC will restart; let it start in normal mode this time. After the restart, the RVAXO cmd window opens again.
      Let it run and wait until a log file opens: C:\RVAXO-results.log
    • If your computer does not restart by itself, or the tool does not start after the reboot, do this manually.
    • Post the contents of the log file in your next message.
    Also post a new HijackThis log.



    • #3
      I can't get RVAXO.EXE to download from your link. After clicking the Save button nothing happens.



      • #4
        Try it via this link:



        • #5
          [04/06/2008, 11:14:45] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Administrator\Desktop\VirtumundoBeGone.exe" )
          [04/06/2008, 11:14:57] - Detected System Information:
          [04/06/2008, 11:14:57] - Windows Version: 5.1.2600, Service Pack 2
          [04/06/2008, 11:14:57] - Current Username: Administrator (Admin)
          [04/06/2008, 11:14:57] - Windows is in NORMAL mode.
          [04/06/2008, 11:14:58] - Searching for Browser Helper Objects:
          [04/06/2008, 11:14:58] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Help bij koppelingen)
          [04/06/2008, 11:14:58] - BHO 2: {11241072-58BB-40CE-9171-0B2BDFB22E97} ()
          [04/06/2008, 11:14:58] - WARNING: BHO has no default name. Checking for Winlogon reference.
          [04/06/2008, 11:14:58] - Checking for HKLM\...\Winlogon\Notify\vtuvvst
          [04/06/2008, 11:14:58] - Found: HKLM\...\Winlogon\Notify\vtuvvst - This is probably Virtumundo.
          [04/06/2008, 11:14:58] - Assigning {11241072-58BB-40CE-9171-0B2BDFB22E97} MSEvents Object
          [04/06/2008, 11:14:58] - BHO list has been changed! Starting over...
          [04/06/2008, 11:14:58] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Help bij koppelingen)
          [04/06/2008, 11:14:58] - BHO 2: {11241072-58BB-40CE-9171-0B2BDFB22E97} (MSEvents Object)
          [04/06/2008, 11:14:58] - ALERT: Found MSEvents Object!
          [04/06/2008, 11:14:58] - BHO 3: {332FDE3C-35FC-473E-A133-DC5A55AA94DA} ()
          [04/06/2008, 11:14:58] - WARNING: BHO has no default name. Checking for Winlogon reference.
          [04/06/2008, 11:14:58] - Checking for HKLM\...\Winlogon\Notify\jkkji
          [04/06/2008, 11:14:58] - Key not found: HKLM\...\Winlogon\Notify\jkkji, continuing.
          [04/06/2008, 11:14:58] - BHO 4: {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} (BitComet Helper)
          [04/06/2008, 11:14:58] - BHO 5: {3EE4EC3B-0382-4279-B3F2-60C578B7BE05} ()
          [04/06/2008, 11:14:58] - WARNING: BHO has no default name. Checking for Winlogon reference.
          [04/06/2008, 11:14:58] - No filename found. Continuing.
          [04/06/2008, 11:14:58] - BHO 6: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
          [04/06/2008, 11:14:58] - BHO 7: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} ()
          [04/06/2008, 11:14:58] - WARNING: BHO has no default name. Checking for Winlogon reference.
          [04/06/2008, 11:14:58] - Checking for HKLM\...\Winlogon\Notify\coIEPlg
          [04/06/2008, 11:14:58] - Key not found: HKLM\...\Winlogon\Notify\coIEPlg, continuing.
          [04/06/2008, 11:14:58] - BHO 8: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} (Symantec Intrusion Prevention)
          [04/06/2008, 11:14:58] - BHO 9: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
          [04/06/2008, 11:14:58] - BHO 10: {7DF5D468-BF4F-46CB-9D23-FB74EF4C3217} ()
          [04/06/2008, 11:14:58] - WARNING: BHO has no default name. Checking for Winlogon reference.
          [04/06/2008, 11:14:58] - Checking for HKLM\...\Winlogon\Notify\ssqpp
          [04/06/2008, 11:14:58] - Key not found: HKLM\...\Winlogon\Notify\ssqpp, continuing.
          [04/06/2008, 11:14:58] - BHO 11: {CC59E0F9-7E43-44FA-9FAA-8377850BF205} (FDMIECookiesBHO Class)
          [04/06/2008, 11:14:58] - BHO 12: {D3DA0AF6-26F3-4BEA-A57A-3505F0736110} ()
          [04/06/2008, 11:14:58] - WARNING: BHO has no default name. Checking for Winlogon reference.
          [04/06/2008, 11:14:58] - Checking for HKLM\...\Winlogon\Notify\awtqo
          [04/06/2008, 11:14:58] - Key not found: HKLM\...\Winlogon\Notify\awtqo, continuing.
          [04/06/2008, 11:14:58] - BHO 13: {D8EA71B0-0C62-49CF-8933-24A0BC1D20BF} ()
          [04/06/2008, 11:14:58] - WARNING: BHO has no default name. Checking for Winlogon reference.
          [04/06/2008, 11:14:58] - Checking for HKLM\...\Winlogon\Notify\awtsp
          [04/06/2008, 11:14:58] - Key not found: HKLM\...\Winlogon\Notify\awtsp, continuing.
          [04/06/2008, 11:14:58] - BHO 14: {DC5A51A1-3E46-4E19-AF93-02C71C163580} ()
          [04/06/2008, 11:14:58] - WARNING: BHO has no default name. Checking for Winlogon reference.
          [04/06/2008, 11:14:58] - Checking for HKLM\...\Winlogon\Notify\jkhhe
          [04/06/2008, 11:14:58] - Key not found: HKLM\...\Winlogon\Notify\jkhhe, continuing.
          [04/06/2008, 11:14:58] - Finished Searching Browser Helper Objects
          [04/06/2008, 11:14:58] - *** Detected MSEvents Object
          [04/06/2008, 11:14:58] - Trying to remove MSEvents Object...
          [04/06/2008, 11:14:59] - Terminating Process: IEXPLORE.EXE
          [04/06/2008, 11:14:59] - Terminating Process: RUNDLL32.EXE
          [04/06/2008, 11:15:00] - Disabling Automatic Shell Restart
          [04/06/2008, 11:15:00] - Terminating Process: EXPLORER.EXE
          [04/06/2008, 11:15:01] - Suspending the NT Session Manager System Service
          [04/06/2008, 11:15:01] - Terminating Windows NT Logon/Logoff Manager
          [04/06/2008, 11:15:02] - Re-enabling Automatic Shell Restart
          [04/06/2008, 11:15:02] - File to disable: C:\WINDOWS\system32\vtuvvst.dll
          [04/06/2008, 11:15:02] - Renaming C:\WINDOWS\system32\vtuvvst.dll -> C:\WINDOWS\system32\vtuvvst.dll.vir
          [04/06/2008, 11:15:03] - File successfully renamed!
          [04/06/2008, 11:15:03] - Removing HKLM\...\Browser Helper Objects\{11241072-58BB-40CE-9171-0B2BDFB22E97}
          [04/06/2008, 11:15:03] - Removing HKCR\CLSID\{11241072-58BB-40CE-9171-0B2BDFB22E97}
          [04/06/2008, 11:15:03] - Adding Kill Bit for ActiveX for GUID: {11241072-58BB-40CE-9171-0B2BDFB22E97}
          [04/06/2008, 11:15:04] - Deleting ATLEvents/MSEvents Registry entries
          [04/06/2008, 11:15:04] - Removing HKLM\...\Winlogon\Notify\vtuvvst
          [04/06/2008, 11:15:04] - Searching for Browser Helper Objects:
          [04/06/2008, 11:15:04] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Help bij koppelingen)
          [04/06/2008, 11:15:04] - BHO 2: {332FDE3C-35FC-473E-A133-DC5A55AA94DA} ()
          [04/06/2008, 11:15:04] - WARNING: BHO has no default name. Checking for Winlogon reference.
          [04/06/2008, 11:15:04] - Checking for HKLM\...\Winlogon\Notify\jkkji
          [04/06/2008, 11:15:04] - Key not found: HKLM\...\Winlogon\Notify\jkkji, continuing.
          [04/06/2008, 11:15:04] - BHO 3: {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} (BitComet Helper)
          [04/06/2008, 11:15:04] - BHO 4: {3EE4EC3B-0382-4279-B3F2-60C578B7BE05} ()
          [04/06/2008, 11:15:04] - WARNING: BHO has no default name. Checking for Winlogon reference.
          [04/06/2008, 11:15:04] - No filename found. Continuing.
          [04/06/2008, 11:15:04] - BHO 5: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
          [04/06/2008, 11:15:04] - BHO 6: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} ()
          [04/06/2008, 11:15:04] - WARNING: BHO has no default name. Checking for Winlogon reference.
          [04/06/2008, 11:15:04] - Checking for HKLM\...\Winlogon\Notify\coIEPlg
          [04/06/2008, 11:15:04] - Key not found: HKLM\...\Winlogon\Notify\coIEPlg, continuing.
          [04/06/2008, 11:15:04] - BHO 7: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} (Symantec Intrusion Prevention)
          [04/06/2008, 11:15:04] - BHO 8: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
          [04/06/2008, 11:15:04] - BHO 9: {7DF5D468-BF4F-46CB-9D23-FB74EF4C3217} ()
          [04/06/2008, 11:15:04] - WARNING: BHO has no default name. Checking for Winlogon reference.
          [04/06/2008, 11:15:04] - Checking for HKLM\...\Winlogon\Notify\ssqpp
          [04/06/2008, 11:15:04] - Key not found: HKLM\...\Winlogon\Notify\ssqpp, continuing.
          [04/06/2008, 11:15:04] - BHO 10: {CC59E0F9-7E43-44FA-9FAA-8377850BF205} (FDMIECookiesBHO Class)
          [04/06/2008, 11:15:04] - BHO 11: {D3DA0AF6-26F3-4BEA-A57A-3505F0736110} ()
          [04/06/2008, 11:15:04] - WARNING: BHO has no default name. Checking for Winlogon reference.
          [04/06/2008, 11:15:04] - Checking for HKLM\...\Winlogon\Notify\awtqo
          [04/06/2008, 11:15:04] - Key not found: HKLM\...\Winlogon\Notify\awtqo, continuing.
          [04/06/2008, 11:15:04] - BHO 12: {D8EA71B0-0C62-49CF-8933-24A0BC1D20BF} ()
          [04/06/2008, 11:15:04] - WARNING: BHO has no default name. Checking for Winlogon reference.
          [04/06/2008, 11:15:04] - Checking for HKLM\...\Winlogon\Notify\awtsp
          [04/06/2008, 11:15:04] - Key not found: HKLM\...\Winlogon\Notify\awtsp, continuing.
          [04/06/2008, 11:15:04] - BHO 13: {DC5A51A1-3E46-4E19-AF93-02C71C163580} ()
          [04/06/2008, 11:15:04] - WARNING: BHO has no default name. Checking for Winlogon reference.
          [04/06/2008, 11:15:04] - Checking for HKLM\...\Winlogon\Notify\jkhhe
          [04/06/2008, 11:15:04] - Key not found: HKLM\...\Winlogon\Notify\jkhhe, continuing.
          [04/06/2008, 11:15:04] - Finished Searching Browser Helper Objects
          [04/06/2008, 11:15:04] - Finishing up...
          [04/06/2008, 11:15:04] - A restart is needed.
          [04/06/2008, 11:15:32] - Attempting to Restart via STOP error (Blue Screen)



          ---RVAXO.exe Updated: 2008-04-04---first run---
          Uninstallers:

          Files found:
          C:\WINDOWS\system32\vtuvvst.dll.vir
          C:\WINDOWS\system32\ppqss.ini
          C:\WINDOWS\system32\oqtwa.ini2
          C:\WINDOWS\system32\ehhkj.ini2
          C:\WINDOWS\system32\ijkkj.ini2
          C:\WINDOWS\system32\pstwa.ini2
          C:\WINDOWS\system32\ppqss.ini2
          C:\WINDOWS\pskt.ini
          C:\WINDOWS\system32\mcrh.tmp

          Folders Found:
          C:\Program Files\Helper

          Hosts-file was reset, If you use a custom hosts file please replace it...

          --------------RVAXO.exe last run---------------
          Not deleted items:

          --------------RVAXO.exe finished----------------



          Logfile of HijackThis v1.99.1
          Scan saved at 13:41:00, on 6/04/2008
          Platform: Windows XP SP2 (WinNT 5.01.2600)
          MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

          Running processes:
          C:\WINDOWS\System32\smss.exe
          C:\WINDOWS\system32\winlogon.exe
          C:\WINDOWS\system32\services.exe
          C:\WINDOWS\system32\lsass.exe
          C:\WINDOWS\system32\Ati2evxx.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\System32\svchost.exe
          C:\WINDOWS\system32\Ati2evxx.exe
          C:\WINDOWS\Explorer.EXE
          C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
          C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
          C:\WINDOWS\system32\spoolsv.exe
          C:\Acer\eManager\anbmServ.exe
          C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
          C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
          C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
          C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
          C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\system32\wuauclt.exe
          C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
          C:\WINDOWS\AGRSMMSG.exe
          C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
          C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
          C:\WINDOWS\system32\rundll32.exe
          C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
          C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
          C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
          C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
          C:\Program Files\Launch Manager\QtZgAcer.EXE
          C:\Program Files\iTunes\iTunesHelper.exe
          C:\Program Files\ExtraFilm PhotoAssistant\Agent.exe
          C:\acer\epm\epm-dm.exe
          C:\WINDOWS\system32\rundll32.exe
          C:\WINDOWS\system32\Rundll32.exe
          C:\WINDOWS\system32\ctfmon.exe
          C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
          C:\Program Files\Messenger\msmsgs.exe
          C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
          C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
          C:\Program Files\iPod\bin\iPodService.exe
          C:\Program Files\Mozilla Firefox\firefox.exe
          C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
          R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
          O3 - Toolbar: Norton-werkbalk weergeven - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
          O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
          O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
          O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
          O4 - HKLM\..\Run: [ScanSoft OmniPage SE 4.0-reminder] "C:\Program Files\ScanSoft\OmniPageSE4.0\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users.WINDOWS\Application Data\ScanSoft\OmniPageSE4.0\Ereg\ereg.ini"
          O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
          O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
          O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
          O4 - HKLM\..\Run: [320d18a1] rundll32.exe "C:\WINDOWS\system32\saheyaua.dll",b
          O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
          O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
          O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
          O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
          O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
          O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
          O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
          O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
          O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
          O4 - HKLM\..\Run: [ExtraFilmHemmaAgent] "C:\Program Files\ExtraFilm PhotoAssistant\Agent.exe"
          O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
          O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
          O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
          O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
          O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
          O4 - HKLM\..\Run: [BM313e2b3d] Rundll32.exe "C:\WINDOWS\system32\ypuivawk.dll",s
          O4 - HKLM\..\RunOnce: [SymLnch] "C:\Documents and Settings\Administrator\Application Data\Symantec\Layouts\Norton Internet Security\15.0\SymAllLanguages\NIS_RETAIL\20070829\Support\SymLnch\SymLnch.exe" "C:\Documents and Settings\Administrator\Application Data\Symantec\Layouts\Norton Internet Security\15.0\SymAllLanguages\NIS_RETAIL\20070829\Setup.exe" "/REALUPREBOOT /temp /patched"
          O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
          O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
          O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
          O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
          O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
          O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
          O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
          O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
          O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
          O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
          O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
          O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
          O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
          O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
          O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
          O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
          O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
          O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
          O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
          O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
          O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
          O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
          O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
          O16 - DPF: {C9F75F04-F875-4AFD-8938-DBC968DDD77D} (Simmetry 3d Control) - http://www.simmetry3d.com/SimmetryActiveX.cab
          O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
          O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
          O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
          O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
          O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
          O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
          O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
          O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
          O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
          O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
          O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
          O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
          O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
          O23 - Service: LiveUpdate Notice - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
          O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
          O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
          O23 - Service: Planner voor Automatische LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
          O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~2\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe



          • #6
            Download Malwarebytes' Anti-Malware to your desktop.
            Double-click mbam-setup.exe and choose "Next" to install the tool.
            When the installation is complete, tick the boxes for "Update MalwareBytes' Anti-Malware" and "Launch MalwareBytes' Anti-Malware".
            Then press "Finish".
            In the main window, choose the "Scanner" tab and select the "Perform full scan" radio button.
            Press the "Scan" button and make sure all your hard drives/partitions are ticked.
            Then press the "Start Scan" button.
            When the scan is complete, click OK, then "Show Results" to see the results.
            Make sure everything is ticked, then click "Remove Selected".
            If the program wants to restart your computer, allow it.
            After that a log opens (mbam-log-XX-XX-XXXX(xx-xx-xx).txt).
            Post this log in your next message together with a new HijackThis log.



            • #7
              Same problem as just now: no download at your link.



              • #8
                Just post the following log: C:\RVAXO-Vfind.log
